2022-06-01 12:40:52 +03:00
|
|
|
const tpl = require('@tryghost/tpl');
|
2021-12-02 17:46:58 +03:00
|
|
|
const logging = require('@tryghost/logging');
|
2021-01-18 16:55:40 +03:00
|
|
|
const _ = require('lodash');
|
2022-10-21 12:28:09 +03:00
|
|
|
const {BadRequestError, NoPermissionError, UnauthorizedError} = require('@tryghost/errors');
|
2022-10-05 13:42:42 +03:00
|
|
|
const errors = require('@tryghost/errors');
|
2022-06-01 12:40:52 +03:00
|
|
|
|
|
|
|
const messages = {
|
2022-10-05 13:42:42 +03:00
|
|
|
emailRequired: 'Email is required.',
|
2022-06-01 12:40:52 +03:00
|
|
|
badRequest: 'Bad Request.',
|
|
|
|
notFound: 'Not Found.',
|
|
|
|
offerArchived: 'This offer is archived.',
|
|
|
|
tierArchived: 'This tier is archived.',
|
|
|
|
existingSubscription: 'A subscription exists for this Member.',
|
2022-10-05 13:42:42 +03:00
|
|
|
unableToCheckout: 'Unable to initiate checkout session',
|
|
|
|
inviteOnly: 'This site is invite-only, contact the owner for access.',
|
|
|
|
memberNotFound: 'No member exists with this e-mail address.',
|
|
|
|
memberNotFoundSignUp: 'No member exists with this e-mail address. Please sign up first.'
|
2022-06-01 12:40:52 +03:00
|
|
|
};
|
2021-01-18 16:55:40 +03:00
|
|
|
|
|
|
|
module.exports = class RouterController {
|
2021-10-21 14:35:29 +03:00
|
|
|
/**
|
|
|
|
* RouterController
|
|
|
|
*
|
|
|
|
* @param {object} deps
|
|
|
|
* @param {any} deps.offersAPI
|
|
|
|
* @param {any} deps.paymentsService
|
|
|
|
* @param {any} deps.memberRepository
|
|
|
|
* @param {any} deps.StripePrice
|
2022-01-10 12:42:05 +03:00
|
|
|
* @param {() => boolean} deps.allowSelfSignup
|
2021-10-21 14:35:29 +03:00
|
|
|
* @param {any} deps.magicLinkService
|
|
|
|
* @param {import('@tryghost/members-stripe-service')} deps.stripeAPIService
|
2022-08-18 18:38:42 +03:00
|
|
|
* @param {import('@tryghost/member-attribution')} deps.memberAttributionService
|
2021-10-21 14:35:29 +03:00
|
|
|
* @param {any} deps.tokenService
|
2022-08-25 22:15:34 +03:00
|
|
|
* @param {any} deps.sendEmailWithMagicLink
|
2021-10-21 14:35:29 +03:00
|
|
|
* @param {{isSet(name: string): boolean}} deps.labsService
|
|
|
|
*/
|
2021-01-18 16:55:40 +03:00
|
|
|
constructor({
|
2021-10-13 12:11:12 +03:00
|
|
|
offersAPI,
|
2021-10-21 14:35:29 +03:00
|
|
|
paymentsService,
|
2022-10-21 12:28:09 +03:00
|
|
|
tiersService,
|
2021-01-18 16:55:40 +03:00
|
|
|
memberRepository,
|
2021-05-04 18:57:58 +03:00
|
|
|
StripePrice,
|
2021-01-18 16:55:40 +03:00
|
|
|
allowSelfSignup,
|
|
|
|
magicLinkService,
|
|
|
|
stripeAPIService,
|
|
|
|
tokenService,
|
2022-08-18 18:38:42 +03:00
|
|
|
memberAttributionService,
|
2021-01-27 18:19:09 +03:00
|
|
|
sendEmailWithMagicLink,
|
2022-02-09 16:00:39 +03:00
|
|
|
labsService
|
2021-01-18 16:55:40 +03:00
|
|
|
}) {
|
2021-10-13 12:11:12 +03:00
|
|
|
this._offersAPI = offersAPI;
|
2021-10-21 14:35:29 +03:00
|
|
|
this._paymentsService = paymentsService;
|
2022-10-21 12:28:09 +03:00
|
|
|
this._tiersService = tiersService;
|
2021-01-18 16:55:40 +03:00
|
|
|
this._memberRepository = memberRepository;
|
2021-05-04 18:57:58 +03:00
|
|
|
this._StripePrice = StripePrice;
|
2021-01-18 16:55:40 +03:00
|
|
|
this._allowSelfSignup = allowSelfSignup;
|
|
|
|
this._magicLinkService = magicLinkService;
|
|
|
|
this._stripeAPIService = stripeAPIService;
|
|
|
|
this._tokenService = tokenService;
|
|
|
|
this._sendEmailWithMagicLink = sendEmailWithMagicLink;
|
2022-08-18 18:38:42 +03:00
|
|
|
this._memberAttributionService = memberAttributionService;
|
2021-09-28 14:36:30 +03:00
|
|
|
this.labsService = labsService;
|
2021-01-18 16:55:40 +03:00
|
|
|
}
|
|
|
|
|
|
|
|
async ensureStripe(_req, res, next) {
|
2021-01-26 14:26:28 +03:00
|
|
|
if (!this._stripeAPIService.configured) {
|
2021-01-18 16:55:40 +03:00
|
|
|
res.writeHead(400);
|
|
|
|
return res.end('Stripe not configured');
|
|
|
|
}
|
|
|
|
try {
|
|
|
|
await this._stripeAPIService.ready();
|
|
|
|
next();
|
|
|
|
} catch (err) {
|
|
|
|
res.writeHead(500);
|
|
|
|
return res.end('There was an error configuring stripe');
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
|
|
|
async createCheckoutSetupSession(req, res) {
|
|
|
|
const identity = req.body.identity;
|
|
|
|
|
2021-01-19 13:42:39 +03:00
|
|
|
if (!identity) {
|
|
|
|
res.writeHead(400);
|
|
|
|
return res.end();
|
|
|
|
}
|
|
|
|
|
2021-01-18 16:55:40 +03:00
|
|
|
let email;
|
|
|
|
try {
|
|
|
|
if (!identity) {
|
|
|
|
email = null;
|
|
|
|
} else {
|
|
|
|
const claims = await this._tokenService.decodeToken(identity);
|
|
|
|
email = claims && claims.sub;
|
|
|
|
}
|
|
|
|
} catch (err) {
|
|
|
|
res.writeHead(401);
|
|
|
|
return res.end('Unauthorized');
|
|
|
|
}
|
|
|
|
|
|
|
|
const member = email ? await this._memberRepository.get({email}) : null;
|
|
|
|
|
|
|
|
if (!member) {
|
|
|
|
res.writeHead(403);
|
|
|
|
return res.end('Bad Request.');
|
|
|
|
}
|
2021-02-23 14:19:21 +03:00
|
|
|
|
|
|
|
let customer;
|
|
|
|
if (!req.body.subscription_id) {
|
|
|
|
customer = await this._stripeAPIService.getCustomerForMemberCheckoutSession(member);
|
|
|
|
} else {
|
|
|
|
const subscriptions = await member.related('stripeSubscriptions').fetch();
|
|
|
|
const subscription = subscriptions.models.find((sub) => {
|
|
|
|
return sub.get('subscription_id') === req.body.subscription_id;
|
|
|
|
});
|
|
|
|
|
|
|
|
if (!subscription) {
|
2022-08-29 15:02:58 +03:00
|
|
|
res.writeHead(404, {
|
|
|
|
'Content-Type': 'text/plain;charset=UTF-8'
|
|
|
|
});
|
|
|
|
return res.end(`Could not find subscription ${req.body.subscription_id}`);
|
2021-02-23 14:19:21 +03:00
|
|
|
}
|
|
|
|
customer = await this._stripeAPIService.getCustomer(subscription.get('customer_id'));
|
|
|
|
}
|
2021-01-18 16:55:40 +03:00
|
|
|
|
|
|
|
const session = await this._stripeAPIService.createCheckoutSetupSession(customer, {
|
2022-02-09 16:00:39 +03:00
|
|
|
successUrl: req.body.successUrl,
|
|
|
|
cancelUrl: req.body.cancelUrl,
|
2021-02-23 14:19:21 +03:00
|
|
|
subscription_id: req.body.subscription_id
|
2021-01-18 16:55:40 +03:00
|
|
|
});
|
|
|
|
const publicKey = this._stripeAPIService.getPublicKey();
|
|
|
|
const sessionInfo = {
|
|
|
|
sessionId: session.id,
|
|
|
|
publicKey
|
|
|
|
};
|
|
|
|
res.writeHead(200, {
|
|
|
|
'Content-Type': 'application/json'
|
|
|
|
});
|
|
|
|
|
|
|
|
res.end(JSON.stringify(sessionInfo));
|
|
|
|
}
|
|
|
|
|
|
|
|
async createCheckoutSession(req, res) {
|
2021-10-06 16:01:04 +03:00
|
|
|
let ghostPriceId = req.body.priceId;
|
2022-05-16 21:27:23 +03:00
|
|
|
const tierId = req.body.tierId;
|
2022-11-01 17:47:49 +03:00
|
|
|
let cadence = req.body.cadence;
|
2021-01-18 16:55:40 +03:00
|
|
|
const identity = req.body.identity;
|
2021-09-28 14:36:30 +03:00
|
|
|
const offerId = req.body.offerId;
|
2022-08-18 18:38:42 +03:00
|
|
|
const metadata = req.body.metadata ?? {};
|
2021-01-18 16:55:40 +03:00
|
|
|
|
2022-05-16 21:27:23 +03:00
|
|
|
if (!ghostPriceId && !offerId && !tierId && !cadence) {
|
2022-06-01 12:40:52 +03:00
|
|
|
throw new BadRequestError({
|
|
|
|
message: tpl(messages.badRequest)
|
|
|
|
});
|
2021-01-18 16:55:40 +03:00
|
|
|
}
|
|
|
|
|
2022-05-16 21:27:23 +03:00
|
|
|
if (offerId && (ghostPriceId || (tierId && cadence))) {
|
2022-06-01 12:40:52 +03:00
|
|
|
throw new BadRequestError({
|
|
|
|
message: tpl(messages.badRequest)
|
|
|
|
});
|
2022-05-16 21:27:23 +03:00
|
|
|
}
|
|
|
|
|
|
|
|
if (ghostPriceId && tierId && cadence) {
|
2022-06-01 12:40:52 +03:00
|
|
|
throw new BadRequestError({
|
|
|
|
message: tpl(messages.badRequest)
|
|
|
|
});
|
2022-05-16 21:27:23 +03:00
|
|
|
}
|
|
|
|
|
|
|
|
if (tierId && !cadence) {
|
2022-06-01 12:40:52 +03:00
|
|
|
throw new BadRequestError({
|
|
|
|
message: tpl(messages.badRequest)
|
|
|
|
});
|
2022-05-16 21:27:23 +03:00
|
|
|
}
|
|
|
|
|
2022-05-18 10:42:40 +03:00
|
|
|
if (cadence && cadence !== 'month' && cadence !== 'year') {
|
2022-06-01 12:40:52 +03:00
|
|
|
throw new BadRequestError({
|
|
|
|
message: tpl(messages.badRequest)
|
|
|
|
});
|
2021-10-06 16:01:04 +03:00
|
|
|
}
|
|
|
|
|
2022-10-21 12:28:09 +03:00
|
|
|
let tier;
|
|
|
|
let offer;
|
|
|
|
let member;
|
|
|
|
let options = {};
|
|
|
|
|
2021-11-03 17:13:11 +03:00
|
|
|
if (offerId) {
|
2022-10-21 12:28:09 +03:00
|
|
|
offer = await this._offersAPI.getOffer({id: offerId});
|
|
|
|
tier = await this._tiersService.api.read(offer.tier.id);
|
2022-11-01 17:47:49 +03:00
|
|
|
cadence = offer.cadence;
|
2022-12-07 12:00:11 +03:00
|
|
|
// Attach offer information to stripe metadata for free trial offers
|
|
|
|
// free trial offers don't have associated stripe coupons
|
|
|
|
metadata.offer = offer.id;
|
2022-10-21 12:28:09 +03:00
|
|
|
} else {
|
|
|
|
offer = null;
|
|
|
|
tier = await this._tiersService.api.read(tierId);
|
|
|
|
}
|
2021-10-06 16:01:04 +03:00
|
|
|
|
2022-10-21 12:28:09 +03:00
|
|
|
if (tier.status === 'archived') {
|
|
|
|
throw new NoPermissionError({
|
|
|
|
message: tpl(messages.tierArchived)
|
|
|
|
});
|
|
|
|
}
|
2021-10-13 12:19:35 +03:00
|
|
|
|
2022-10-21 12:28:09 +03:00
|
|
|
if (identity) {
|
|
|
|
try {
|
|
|
|
const claims = await this._tokenService.decodeToken(identity);
|
|
|
|
const email = claims && claims.sub;
|
|
|
|
if (email) {
|
|
|
|
member = await this._memberRepository.get({
|
|
|
|
email
|
|
|
|
}, {
|
|
|
|
withRelated: ['stripeCustomers', 'products']
|
|
|
|
});
|
|
|
|
}
|
|
|
|
} catch (err) {
|
|
|
|
throw new UnauthorizedError({err});
|
2022-08-09 12:13:31 +03:00
|
|
|
}
|
2022-10-21 12:28:09 +03:00
|
|
|
} else if (req.body.customerEmail) {
|
|
|
|
member = await this._memberRepository.get({
|
|
|
|
email: req.body.customerEmail
|
|
|
|
}, {
|
|
|
|
withRelated: ['stripeCustomers', 'products']
|
|
|
|
});
|
2021-10-06 16:01:04 +03:00
|
|
|
}
|
2022-05-16 21:27:23 +03:00
|
|
|
|
2022-08-18 18:38:42 +03:00
|
|
|
// Don't allow to set the source manually
|
|
|
|
delete metadata.attribution_id;
|
|
|
|
delete metadata.attribution_url;
|
|
|
|
delete metadata.attribution_type;
|
2022-08-17 12:07:41 +03:00
|
|
|
|
2022-08-18 18:38:42 +03:00
|
|
|
if (metadata.urlHistory) {
|
|
|
|
// The full attribution history doesn't fit in the Stripe metadata (can't store objects + limited to 50 keys and 500 chars values)
|
|
|
|
// So we need to add top-level attributes with string values
|
|
|
|
const urlHistory = metadata.urlHistory;
|
|
|
|
delete metadata.urlHistory;
|
|
|
|
|
2022-09-14 22:50:54 +03:00
|
|
|
const attribution = await this._memberAttributionService.getAttribution(urlHistory);
|
2022-08-18 18:38:42 +03:00
|
|
|
|
|
|
|
// Don't set null properties
|
|
|
|
if (attribution.id) {
|
|
|
|
metadata.attribution_id = attribution.id;
|
|
|
|
}
|
|
|
|
|
|
|
|
if (attribution.url) {
|
|
|
|
metadata.attribution_url = attribution.url;
|
|
|
|
}
|
|
|
|
|
|
|
|
if (attribution.type) {
|
|
|
|
metadata.attribution_type = attribution.type;
|
|
|
|
}
|
2022-09-19 09:46:16 +03:00
|
|
|
|
2022-09-27 22:28:06 +03:00
|
|
|
if (attribution.referrerSource) {
|
|
|
|
metadata.referrer_source = attribution.referrerSource;
|
2022-09-19 09:46:16 +03:00
|
|
|
}
|
|
|
|
|
2022-09-27 22:28:06 +03:00
|
|
|
if (attribution.referrerMedium) {
|
|
|
|
metadata.referrer_medium = attribution.referrerMedium;
|
2022-09-19 09:46:16 +03:00
|
|
|
}
|
|
|
|
|
2022-09-27 22:28:06 +03:00
|
|
|
if (attribution.referrerUrl) {
|
|
|
|
metadata.referrer_url = attribution.referrerUrl;
|
2022-09-19 09:46:16 +03:00
|
|
|
}
|
2022-08-18 18:38:42 +03:00
|
|
|
}
|
|
|
|
|
2022-10-21 12:28:09 +03:00
|
|
|
options.successUrl = req.body.successUrl;
|
|
|
|
options.cancelUrl = req.body.cancelUrl;
|
2022-10-27 07:00:21 +03:00
|
|
|
options.email = req.body.customerEmail;
|
2021-11-03 11:57:28 +03:00
|
|
|
|
2022-01-04 17:50:24 +03:00
|
|
|
if (!member && req.body.customerEmail && !req.body.successUrl) {
|
2022-10-21 12:28:09 +03:00
|
|
|
options.successUrl = await this._magicLinkService.getMagicLink({
|
|
|
|
tokenData: {
|
|
|
|
email: req.body.customerEmail,
|
|
|
|
attribution: {
|
|
|
|
id: metadata.attribution_id ?? null,
|
|
|
|
type: metadata.attribution_type ?? null,
|
|
|
|
url: metadata.attribution_url ?? null
|
|
|
|
}
|
|
|
|
},
|
|
|
|
type: 'signup'
|
2021-01-18 16:55:40 +03:00
|
|
|
});
|
|
|
|
}
|
|
|
|
|
2022-10-21 12:28:09 +03:00
|
|
|
const restrictCheckout = member?.get('status') === 'paid';
|
|
|
|
|
2022-08-17 12:07:41 +03:00
|
|
|
if (restrictCheckout) {
|
2022-06-01 12:40:52 +03:00
|
|
|
if (!identity && req.body.customerEmail) {
|
|
|
|
try {
|
|
|
|
await this._sendEmailWithMagicLink({email: req.body.customerEmail, requestedType: 'signin'});
|
|
|
|
} catch (err) {
|
|
|
|
logging.warn(err);
|
|
|
|
}
|
|
|
|
}
|
|
|
|
throw new NoPermissionError({
|
|
|
|
message: messages.existingSubscription,
|
|
|
|
code: 'CANNOT_CHECKOUT_WITH_EXISTING_SUBSCRIPTION'
|
|
|
|
});
|
2021-01-18 16:55:40 +03:00
|
|
|
}
|
|
|
|
|
|
|
|
try {
|
2022-10-21 12:28:09 +03:00
|
|
|
const paymentLink = await this._paymentsService.getPaymentLink({
|
|
|
|
tier,
|
|
|
|
cadence,
|
|
|
|
offer,
|
|
|
|
member,
|
|
|
|
metadata,
|
|
|
|
options
|
2021-01-18 16:55:40 +03:00
|
|
|
});
|
|
|
|
res.writeHead(200, {
|
|
|
|
'Content-Type': 'application/json'
|
|
|
|
});
|
|
|
|
|
2022-10-21 12:28:09 +03:00
|
|
|
return res.end(JSON.stringify({url: paymentLink}));
|
2022-06-01 12:40:52 +03:00
|
|
|
} catch (err) {
|
|
|
|
throw new BadRequestError({
|
|
|
|
err,
|
|
|
|
message: tpl(messages.unableToCheckout)
|
|
|
|
});
|
2021-01-18 16:55:40 +03:00
|
|
|
}
|
|
|
|
}
|
|
|
|
|
|
|
|
async sendMagicLink(req, res) {
|
2022-10-05 13:42:42 +03:00
|
|
|
const {email, autoRedirect} = req.body;
|
2023-04-04 19:07:37 +03:00
|
|
|
let {emailType, redirect} = req.body;
|
2022-10-05 13:42:42 +03:00
|
|
|
|
2022-09-06 15:36:06 +03:00
|
|
|
let referer = req.get('referer');
|
|
|
|
if (autoRedirect === false){
|
|
|
|
referer = null;
|
|
|
|
}
|
2023-04-04 19:07:37 +03:00
|
|
|
if (redirect) {
|
|
|
|
try {
|
|
|
|
// Validate URL
|
|
|
|
referer = new URL(redirect).href;
|
|
|
|
} catch (e) {
|
|
|
|
logging.warn(e);
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
2021-01-18 16:55:40 +03:00
|
|
|
if (!email) {
|
2022-10-05 13:42:42 +03:00
|
|
|
throw new errors.BadRequestError({
|
|
|
|
message: tpl(messages.emailRequired)
|
|
|
|
});
|
|
|
|
}
|
|
|
|
|
|
|
|
if (!emailType) {
|
|
|
|
// Default to subscribe form that also allows to login (safe fallback for older clients)
|
|
|
|
if (!this._allowSelfSignup()) {
|
|
|
|
emailType = 'signin';
|
|
|
|
} else {
|
|
|
|
emailType = 'subscribe';
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
|
|
|
if (!['signin', 'signup', 'subscribe'].includes(emailType)) {
|
2021-01-18 16:55:40 +03:00
|
|
|
res.writeHead(400);
|
|
|
|
return res.end('Bad Request.');
|
|
|
|
}
|
|
|
|
|
|
|
|
try {
|
2022-10-05 13:42:42 +03:00
|
|
|
if (emailType === 'signup' || emailType === 'subscribe') {
|
|
|
|
if (!this._allowSelfSignup()) {
|
|
|
|
throw new errors.BadRequestError({
|
|
|
|
message: tpl(messages.inviteOnly)
|
|
|
|
});
|
2021-01-18 16:55:40 +03:00
|
|
|
}
|
2022-10-05 13:42:42 +03:00
|
|
|
|
|
|
|
// Someone tries to signup with a user that already exists
|
|
|
|
// -> doesn't really matter: we'll send a login link
|
2022-04-13 12:25:56 +03:00
|
|
|
const tokenData = _.pick(req.body, ['labels', 'name', 'newsletters']);
|
2022-08-25 22:15:34 +03:00
|
|
|
if (req.ip) {
|
|
|
|
tokenData.reqIp = req.ip;
|
|
|
|
}
|
2022-08-18 18:38:42 +03:00
|
|
|
// Save attribution data in the tokenData
|
2022-09-14 22:50:54 +03:00
|
|
|
tokenData.attribution = await this._memberAttributionService.getAttribution(req.body.urlHistory);
|
2022-08-18 18:38:42 +03:00
|
|
|
|
2022-09-06 15:36:06 +03:00
|
|
|
await this._sendEmailWithMagicLink({email, tokenData, requestedType: emailType, referrer: referer});
|
2022-10-21 12:28:09 +03:00
|
|
|
|
2022-10-05 13:42:42 +03:00
|
|
|
res.writeHead(201);
|
|
|
|
return res.end('Created.');
|
|
|
|
}
|
|
|
|
|
|
|
|
// Signin
|
|
|
|
const member = await this._memberRepository.get({email});
|
|
|
|
if (member) {
|
|
|
|
const tokenData = {};
|
|
|
|
await this._sendEmailWithMagicLink({email, tokenData, requestedType: emailType, referrer: referer});
|
|
|
|
res.writeHead(201);
|
|
|
|
return res.end('Created.');
|
2021-01-18 16:55:40 +03:00
|
|
|
}
|
2022-10-21 12:28:09 +03:00
|
|
|
|
2022-10-05 13:42:42 +03:00
|
|
|
throw new errors.BadRequestError({
|
|
|
|
message: this._allowSelfSignup() ? tpl(messages.memberNotFoundSignUp) : tpl(messages.memberNotFound)
|
|
|
|
});
|
2021-01-18 16:55:40 +03:00
|
|
|
} catch (err) {
|
2021-12-16 10:25:32 +03:00
|
|
|
if (err.code === 'EENVELOPE') {
|
|
|
|
logging.error(err);
|
|
|
|
res.writeHead(400);
|
|
|
|
return res.end('Bad Request.');
|
|
|
|
}
|
2022-10-05 13:42:42 +03:00
|
|
|
|
|
|
|
// Let the normal error middleware handle this error
|
|
|
|
throw err;
|
2021-01-18 16:55:40 +03:00
|
|
|
}
|
|
|
|
}
|
|
|
|
};
|